* @param interfaceName the interface name
*/
@Override
- protected void bindService(String interfaceName) {
- int flowPriority = AclConstants.INGRESS_ACL_DEFAULT_FLOW_PRIORITY;
-
+ public void bindService(String interfaceName, Long vpnId) {
int instructionKey = 0;
List<Instruction> instructions = new ArrayList<>();
- Long elanTag = AclServiceUtils.getElanIdFromInterface(interfaceName, dataBroker);
- instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getElanTagMetadata(elanTag),
- MetaDataUtil.METADATA_MASK_SERVICE, ++instructionKey));
+ if (vpnId != null) {
+ instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getVpnIdMetadata(vpnId),
+ MetaDataUtil.METADATA_MASK_VRFID, ++instructionKey));
+ } else {
+ Long elanTag = AclServiceUtils.getElanIdFromInterface(interfaceName, dataBroker);
+ instructions.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getElanTagMetadata(elanTag),
+ MetaDataUtil.METADATA_MASK_SERVICE, ++instructionKey));
+ }
instructions.add(MDSALUtil.buildAndGetGotoTableInstruction(NwConstants.EGRESS_ACL_TABLE, ++instructionKey));
+ int flowPriority = AclConstants.INGRESS_ACL_DEFAULT_FLOW_PRIORITY;
BoundServices serviceInfo = AclServiceUtils.getBoundServices(
String.format("%s.%s.%s", "acl", "ingressacl", interfaceName),
ServiceIndex.getIndex(NwConstants.EGRESS_ACL_SERVICE_NAME, NwConstants.EGRESS_ACL_SERVICE_INDEX),
ingressAclDhcpv6AllowServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove,
AclConstants.PROTO_PREFIX_MATCH_PRIORITY);
ingressAclIcmpv6AllowedTraffic(dpid, lportTag, addOrRemove);
+
+ programArpRule(dpid, lportTag, addOrRemove);
}
- programArpRule(dpid, lportTag, addOrRemove);
+ }
+
+ @Override
+ protected void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP,
+ List<AllowedAddressPairs> addedAAP) {
+ // Nothing to do for port update as ingress ARP flow is based only on lportTag
+
}
@Override
@Override
protected void writeCurrentAclForRemoteAcls(Uuid acl, int addOrRemove, Long elanTag, AllowedAddressPairs ip,
- BigInteger aclId) {
+ BigInteger aclId, Long vpnId) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
- flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+ flowMatches.addAll(AclServiceUtils.buildIpAndSrcServiceMatch(elanTag, ip, dataBroker, vpnId));
List<InstructionInfo> instructions = new ArrayList<>();
InstructionWriteMetadata writeMetatdata =
- new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+ new InstructionWriteMetadata(AclServiceUtils.getAclIdMetadata(aclId),
+ MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
instructions.add(writeMetatdata);
instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
- String flowNameAdded = "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+ Long serviceTag = vpnId != null ? vpnId : elanTag;
+ String flowNameAdded = "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + serviceTag;
+ LOG.warn((addOrRemove == 0 ? "ADD" : "REMOVE") + flowNameAdded);
- Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl);
+ Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getAllRemoteAclInterfaces();
Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
for (BigInteger dpId : dpns) {
LOG.debug("writing rule for ip {} and rlanId {} in ingress acl remote table {}", getIpPrefixOrAddress(ip),
}
protected short getIngressAclFilterTable() {
- return NwConstants.INGRESS_ACL_FILTER_TABLE;
+ return NwConstants.EGRESS_ACL_FILTER_TABLE;
}
protected short getIngressAclRemoteAclTable() {
- return NwConstants.INGRESS_ACL_REMOTE_ACL_TABLE;
+ return NwConstants.EGRESS_ACL_REMOTE_ACL_TABLE;
}
@Override
protected void writeRemoteAclForCurrentAclForInterface(BigInteger dpId, int addOrRemove, AclInterface inter,
- BigInteger aclId, Long elanTag) {
+ BigInteger aclId, Long elanTag, Long vpnId) {
for (AllowedAddressPairs ip : inter.getAllowedAddressPairs()) {
if (!AclServiceUtils.isNotIpv4AllNetwork(ip)) {
continue;
}
List<MatchInfoBase> flowMatches = new ArrayList<>();
- flowMatches.addAll(AclServiceUtils.buildIpAndElanDstMatch(elanTag, ip, dataBroker));
+ flowMatches.addAll(AclServiceUtils.buildIpAndSrcServiceMatch(elanTag, ip, dataBroker, vpnId));
List<InstructionInfo> instructions = new ArrayList<>();
InstructionWriteMetadata writeMetatdata =
- new InstructionWriteMetadata(aclId, MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
+ new InstructionWriteMetadata(AclServiceUtils.getAclIdMetadata(aclId),
+ MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID);
instructions.add(writeMetatdata);
instructions.add(new InstructionGotoTable(getIngressAclFilterTable()));
+ Long serviceTag = vpnId != null ? vpnId : elanTag;
String flowNameAdded =
- "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + elanTag;
+ "Acl_Filter_Ingress_" + new String(ip.getIpAddress().getValue()) + "_" + serviceTag;
LOG.debug("writing rule for ip {} and elanId {} in ingress acl remote table {}",
getIpPrefixOrAddress(ip), elanTag, getIngressAclRemoteAclTable());